Key Information

GDPR

What is GDPR?

General Data Protection Regulations, or GDPR, is a system that has been designed to protect the personal data and privacy rights of all citizens within the European Union. The new regulations will bring the UK into line with the current rules governing countries including Germany, Canada and Australia. The GDPR will replace the Data Protection Act 1998 on 25th May 2018.

The GDPR places greater emphasis on the documentation that data controllers (‘The School’) must keep to demonstrate their accountability.

What does GDPR actually do?

GDPR does a few things:

It defines what is meant by ‘personal data’

It confers rights on ‘data subjects’

It places obligations on ‘data controllers’ and ‘data processors’

It creates principles relating to the processing of personal data

It provides penalties for failure to comply with the above

What is personal data?

The definition of personal data under GDPR is given as being:

‘ Any information relating to an identified or identifiable person (data subject); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

Who are Data Controllers and Data Processors?

The Data controller is the person or organisation which determines purposes and means of the processing of personal data.

The data processor is the person or organisation which processes the personal data on behalf of the controller.

What rights do Data Subjects have?

Data subjects – the living individuals that the personal data being processed relates to have the following rights under GDPR:

The right to be informed what data you are using, why and for what purpose

The right of access – you can see what data we are processing if you request

The right of rectification – if your data is wrong, we have to correct it

The right to erasure

The right to restrict processing – you can ask us to stop using your data unless we have legitimate legal basis to continuing to do so

The right to object – you can object to us using your data unless we have an overriding legitimate reason to continue

Individuals have an increased right of access to their data and it’s use

All individuals will have a right to obtain confirmation that the data controller is processing their personal data. They will be able to request access to all their personal data that you are processing including what data you are processing, why you are processing it, who it is being shared with and how it will be retained.